Information Security in Distributed Systems
Distributed Systems 1
Threats and Mechanisms
[Figure: a subject accesses an object over a data and control stream. Threats to that stream: interruption, interception, modification, fabrication. Mechanisms: authorization, authentication, encryption, auditing.]
Objects: passive entities whose security attributes must be protected.
Subjects: active entities that access objects.
Threats: potential dangers that can harm security.
Security policy: a precise specification describing the appropriate levels of security.
Security mechanism: an implementation of a given security policy.
Types of Threats
Interception: an unauthorized subject has gained access to an object, e.g. stealing data, overhearing others' communication.
Interruption: services or data become unavailable, unusable or destroyed, e.g. loss of files, denial of service.
Modification: unauthorized changing of data or tampering with services, e.g. alteration of data, modification of messages.
Fabrication: additional data or activities are generated that would normally not exist, e.g. adding a password to a system, replaying previously sent messages.
Methods of Attack
Eavesdropping: obtaining copies of messages without authority.
Masquerading: sending or receiving messages using another party's identifier.
Tampering: intercepting messages and altering their contents.
Replaying: storing messages and sending them again at a later date.
Infiltrating: gaining access to a system in order to run programs that implement the attack (virus, worm, Trojan horse).
Unknown yet: new attack methods may appear later.
Indirect Infiltration
Trojan horse: a piece of code that misuses its environment. The program seems innocent enough, but when executed, unexpected behaviour occurs.
Worms: standalone programs that use a spawning mechanism. Such facilities may exist accidentally as well as intentionally.
Viruses: a fragment of code embedded in a legitimate program. Mainly affects personal PC systems. These are often downloaded via, or as active components in, web pages.
Security Mechanisms
Encryption: transforming data into something an attacker cannot understand, i.e. providing a means to implement confidentiality, as well as allowing users to check whether data have been modified.
Authentication: verifying the claimed identity of a subject, e.g. by user name and password.
Authorization: checking whether the subject has the right to perform the requested action.
Auditing: tracing which subjects accessed what, when, and in which way. In general, auditing does not provide protection, but it can be a tool for analysing problems.
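The three mechanisms that act on each request (authentication, authorization, auditing) are easiest to see together in a small reference monitor. The following is an added example, not code from the lecture; the users, passwords and access-control matrix are constructed, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field


def _derive(password: str, salt: bytes) -> bytes:
    # Password hashing with PBKDF2-HMAC-SHA256; the stored value is never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store: subject -> (salt, derived hash). Hypothetical users.
_SALT_ALICE = b"constructed-salt-alice"
_SALT_BOB = b"constructed-salt-bob"
CREDENTIALS = {
    "alice": (_SALT_ALICE, _derive("alice-pw", _SALT_ALICE)),
    "bob": (_SALT_BOB, _derive("bob-pw", _SALT_BOB)),
}

# Constructed access-control matrix: (subject, object) -> set of permitted actions.
ACL = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
}


@dataclass
class ReferenceMonitor:
    """Mediates every request: authenticate, then authorize, and audit both decisions."""
    audit_log: list = field(default_factory=list)

    def authenticate(self, subject: str, password: str) -> bool:
        entry = CREDENTIALS.get(subject)
        if entry is None:
            self._audit(subject, "-", "login", False)
            return False
        salt, stored = entry
        # Constant-time comparison so the check leaks nothing about the stored hash.
        ok = hmac.compare_digest(_derive(password, salt), stored)
        self._audit(subject, "-", "login", ok)
        return ok

    def authorize(self, subject: str, obj: str, action: str) -> bool:
        allowed = action in ACL.get((subject, obj), set())
        self._audit(subject, obj, action, allowed)
        return allowed

    def _audit(self, subject: str, obj: str, action: str, decision: bool) -> None:
        # Auditing records who did what, to which object, when, and with what outcome;
        # denied attempts are logged too, since those are what an analyst looks for.
        self.audit_log.append({
            "when": time.time(), "subject": subject, "object": obj,
            "action": action, "decision": "granted" if decision else "denied",
        })

    def request(self, subject: str, password: str, obj: str, action: str):
        """Full mediation of one request; returns (granted, reason)."""
        if not self.authenticate(subject, password):
            return False, "authentication failed"
        if not self.authorize(subject, obj, action):
            return False, "not authorized"
        return True, "ok"


if __name__ == "__main__":
    rm = ReferenceMonitor()
    print(rm.request("alice", "alice-pw", "payroll.db", "write"))
    print(rm.request("bob", "bob-pw", "payroll.db", "write"))
    for entry in rm.audit_log:
        print(entry)
```

Authorization is only consulted after authentication succeeds, so the access-control matrix can be keyed by a subject name the monitor has actually verified; the audit trail is written on both paths, including failures.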
Focus of Control
[Figure: a client invokes a service that operates on data. Three places to put the protection: (a) protecting the data against invalid operations, (b) protecting the service against illegal invocations, (c) protecting the system against illegal clients.]
Dedicated Security Mechanism
[Figure: clients send requests to, and receive replies from, a trusted secure system kernel. On top of it run special servers dedicated to different security issues (encrypt/decrypt, authentication, authorization, auditing) alongside the other servers.]
Special servers are dedicated to the different security issues.
Layered Security Mechanism
[Figure: client and server stacks, each consisting of application + security, middleware + security, operating system and security, and a secure communication kernel mechanism at the bottom, with the two kernels communicating.]
RISSC Security Mechanism
[Figure: clients, a normal server and a secure server; the secure server is reached only through the RISSC interface.]
RISSC (Reduced Interface for Secure System Components): any security-critical server is placed on a separate machine, isolated from end-user systems by a low-level secure network interface. Clients run on different machines and can access the secured server only through this network interface.
Cryptography: intruders and eavesdroppers in communication
Discussion of DES
The principle of DES is quite simple: an initial permutation, 16 rounds of transformation, and a final permutation. Even though the DES algorithm is well known, the key (and hence the cipher) is difficult to break using analytical methods. A brute-force attack that simply searches for the key is possible, however: for a 56-bit key there are 2^56 possible keys, and if we could test one key per µs we would need 2283 years to try all of them. (Distributed.net broke DES-56 within 22 hours and 15 minutes using 100,000 PCs.) Use 3DES (K1, K2, K3) or DES-128 for high security.
Authentication
How can the communication between clients and servers (or senders and receivers) be made secure? We need to authenticate the communicating parties. Authentication and message integrity are closely related and cannot go without each other.
Commonly used authentication models:
(1) based on a shared secret key
(2) based on a key from a KDC (Key Distribution Center)
(3) based on a public key
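Model (1), authentication based on a shared secret key, is usually done as a challenge-response exchange in which each side proves knowledge of the key by computing a MAC over a fresh challenge from the other side. The block below is an added example and not code from the lecture; it uses HMAC-SHA256 as the keyed function, a constructed key, and hypothetical names (Principal, mutual_authenticate). It also shows why authentication and integrity go together: the MAC binds both identities and both nonces, so a response cannot be reflected back or replayed.

```python
import hashlib
import hmac
import secrets


class Principal:
    """One communicating party holding the shared secret key K (hypothetical helper)."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self.seen_nonces = set()  # challenges already answered, for replay detection

    def mac(self, *fields: bytes) -> bytes:
        # MAC over length-prefixed fields so that field boundaries are unambiguous.
        h = hmac.new(self.key, digestmod=hashlib.sha256)
        for f in fields:
            h.update(len(f).to_bytes(2, "big") + f)
        return h.digest()


def mutual_authenticate(a: Principal, b: Principal, nonce_a: bytes = None) -> str:
    """Three-message challenge-response between A and B; returns 'ok' or the reason for rejection.

    The two parties are simulated in one process; in reality each step is a message on the wire.
    """
    # Message 1, A -> B: A's identity and a fresh random challenge R_A.
    r_a = nonce_a if nonce_a is not None else secrets.token_bytes(16)
    # B refuses a challenge it has already answered: a replayed message 1 gains nothing.
    if r_a in b.seen_nonces:
        return "replayed challenge rejected by B"
    b.seen_nonces.add(r_a)

    # Message 2, B -> A: B's own challenge R_B plus MAC_K(A, B, R_A, R_B).
    r_b = secrets.token_bytes(16)
    resp_b = b.mac(a.name.encode(), b.name.encode(), r_a, r_b)

    # A recomputes the MAC with its copy of K: B knew K and answered *this* challenge.
    expected = a.mac(a.name.encode(), b.name.encode(), r_a, r_b)
    if not hmac.compare_digest(resp_b, expected):
        return "A could not verify B"

    # Message 3, A -> B: MAC_K(B, A, R_B, R_A). The identities and nonces are in the
    # opposite order, so message 2 can never be replayed as a valid message 3.
    resp_a = a.mac(b.name.encode(), a.name.encode(), r_b, r_a)
    expected = b.mac(b.name.encode(), a.name.encode(), r_b, r_a)
    if not hmac.compare_digest(resp_a, expected):
        return "B could not verify A"
    return "ok"


if __name__ == "__main__":
    K = b"constructed-shared-secret-key"  # constructed; in practice a random key from key setup
    alice, bob = Principal("alice", K), Principal("bob", K)
    print(mutual_authenticate(alice, bob))
    impostor = Principal("alice", b"guessed-key")  # does not hold K
    print(mutual_authenticate(impostor, Principal("bob", K)))
```

Because every MAC covers a value the verifier chose itself, a recorded exchange is useless to an eavesdropper, and because the key never leaves either party, nothing on the wire reveals K.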
Digital Signatures
A digital signature has the same authentication and legally binding functions as a handwritten signature. An electronic document or message M can be signed by an entity A by encrypting a copy of M with a key K_A and attaching it to a plain-text copy of M and A's identifier, such as.
Once a signature is attached to an electronic document, it should be possible for (1) any party that receives a copy of the message to verify that the document was originally signed by the signatory, and (2) the signature cannot be altered either in transit or by the receivers.
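The slide describes signing as encrypting a copy of M with A's key and attaching it to the plain-text copy and A's identifier. The added example below, which is not code from the lecture, follows that structure with a hash-then-sign variant: A transforms a digest of M with a private RSA exponent, and any holder of A's public exponent checks property (1); changing either M or the signature makes the check fail, which is property (2). The RSA parameters are constructed and deliberately small (two Mersenne primes, no padding) to keep the arithmetic visible; the names sign, verify and the signer id "A" are hypothetical.

```python
import hashlib

# Constructed, illustrative RSA key pair for signer "A". Real systems use a modulus of
# at least 2048 bits and a padding scheme such as RSA-PSS; this is textbook RSA only.
P = 2305843009213693951   # 2^61 - 1, prime
Q = 2147483647            # 2^31 - 1, prime
N = P * Q
E = 65537                                 # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent, known only to A

# Public-key directory a verifier consults: signer id -> (e, n). Constructed.
PUBLIC_KEYS = {"A": (E, N)}


def digest(msg: bytes) -> int:
    # Hash the document and reduce into the signing range [0, N).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(msg: bytes, signer: str, priv_exp: int, n: int) -> dict:
    """Signed document: plain-text copy of M, the signer's identifier, and the signature."""
    return {"message": msg, "signer": signer, "signature": pow(digest(msg), priv_exp, n)}


def verify(signed: dict, directory: dict = PUBLIC_KEYS) -> bool:
    """Property (1): anyone holding the signer's public key can check who signed M."""
    key = directory.get(signed["signer"])
    if key is None:
        return False
    e, n = key
    # Undo the private-exponent transform with the public exponent and compare digests.
    return pow(signed["signature"], e, n) == digest(signed["message"])


if __name__ == "__main__":
    doc = sign(b"Transfer 100 to account 42", "A", D, N)
    print("original verifies:", verify(doc))
    # Property (2): altering the attached M, or the signature, is detected.
    altered = dict(doc, message=b"Transfer 1000 to account 42")
    print("altered message verifies:", verify(altered))
    forged = dict(doc, signature=doc["signature"] ^ 1)
    print("altered signature verifies:", verify(forged))
```

The identifier is what lets the verifier pick the right public key; a signature copied onto a document that names a different signer fails for the same reason a modified message does.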
Firewalls
A firewall is a special kind of reference monitor that controls external access to any part of a distributed system. A firewall disconnects part of a distributed system from the outside world: all outgoing and incoming packets must be routed through the firewall. The firewall itself should be heavily protected against every kind of security threat.
Models of firewall:
Packet-filtering gateway
Proxy: application-level proxy, circuit-level proxy
Firewalls: bastion structure
[Figure: the internal network, with its protected hosts, is connected to the external network only through the bastion.]
A bastion is a special computer which provides secure services, including authentication and access control. A bastion can be a single machine or a dual-machine arrangement.
Firewalls: bastion + filtering gateway
[Figure: the filtering gateway sits between the external network and the internal network; the bastion and the protected machines are behind it.]
The gateway implements IP packet-filtering functions. The bastion provides the secure services.
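The packet-filtering gateway of the last three slides decides per packet, from the header fields alone, whether the packet may cross between the internal and external networks. The following added example (not code from the lecture) implements a first-match rule list with a default deny, configured for the bastion + filtering gateway layout: outside hosts may reach only the bastion on two services, nothing else inbound is admitted, inbound packets that claim an internal source address are dropped as spoofed, and internal hosts may initiate outbound traffic. All addresses, ports and rule names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at (constructed model of a packet)."""
    src: str
    dst: str
    proto: str        # "tcp", "udp", ...
    dport: int
    direction: str    # "in" (external -> internal) or "out" (internal -> external)


@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    direction: str    # "in", "out" or "any"
    src: str          # CIDR network
    dst: str          # CIDR network
    proto: str        # protocol name or "any"
    dport: object     # destination port, or None for any port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in (pkt.direction, "any")
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in (pkt.proto, "any")
                and self.dport in (pkt.dport, None))


# Constructed addressing: the internal network and the bastion's address.
INTERNAL = "10.0.0.0/8"
BASTION = "10.0.0.5/32"
ANY = "0.0.0.0/0"

RULES = [
    Rule("deny", "in", INTERNAL, ANY, "any", None, "anti-spoofing: internal source from outside"),
    Rule("allow", "in", ANY, BASTION, "tcp", 443, "public HTTPS service on the bastion"),
    Rule("allow", "in", ANY, BASTION, "tcp", 22, "administrative SSH to the bastion only"),
    Rule("deny", "in", ANY, INTERNAL, "any", None, "no other inbound traffic to protected hosts"),
    Rule("allow", "out", INTERNAL, ANY, "any", None, "internal hosts may initiate outbound"),
]


def filter_packet(pkt: Packet, rules=RULES):
    """First matching rule decides; returns (action, rule note). Default deny if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "deny", "default deny"


if __name__ == "__main__":
    # Constructed sample traffic (203.0.113.0/24 is a documentation range used as "outside").
    samples = [
        Packet("203.0.113.7", "10.0.0.5", "tcp", 443, "in"),
        Packet("203.0.113.7", "10.0.0.42", "tcp", 445, "in"),
        Packet("203.0.113.7", "10.0.0.5", "tcp", 3389, "in"),
        Packet("10.0.0.9", "10.0.0.5", "tcp", 443, "in"),
        Packet("10.0.0.42", "203.0.113.7", "tcp", 80, "out"),
    ]
    for p in samples:
        print(p.direction, p.src, "->", p.dst, p.proto, p.dport, "=>", filter_packet(p))
```

Rule order matters with first-match semantics: the anti-spoofing rule must precede the bastion allow rules, otherwise an inbound packet forging an internal source could satisfy them. The filter inspects headers only; whatever reaches the bastion's services is then subject to the bastion's own authentication and access control.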